I agree that more projects should follow, or improve, the anti-klepto solution, but a laptop suffers the same exact problem, and it has a larger (software) attack surface.
I cannot see any other solution than open source software with a strong peer-review procedure, paired with signed and reproducible builds.
A Laptop is not a device purpose-built to store millions of dollars in bearer-assets. It’s a much less juicy target.
What about SeedSigner? Seems to be the best combination, especially when used in a MultiSig setup?
SeedSigner has no secure element and uses a Raspberry Pi.
That's not the problem; since it has not a battery and you need to load the seed every time, having a secure element would be pointless.
SeedSigner is a *great* tool, but it is not immune to the attack described in the article, you you must be careful about the software you are running. A basic precaution is not to leave the microSD inserted, so that an attacker cannot simply overwrite it and let you run a tampered version.
Fair point. But it's all about tradeoffs to me. Purpose built hardware (like hardware wallets) = more prominent targets. Generic hardware = more responsability on the user to verify the software manually
But this is exactly why you do want a purpose built device. I own a 2014 macbook pro and started using crypto currency in 2017. I started with shitcoins, now I'm only bitcoin. But regardless I had a wallet file saved to a USB stick but one day, I checked my funds and they were gone. I consider myself pretty computer literate and to this day, I still don't know how my wallet was swept. Was this laptop air gapped as you're proposing? No, but IMO that is way easier to fuck up than just using a HWW.
It's not just a problem of individual juicy targets, if people start using airgapped laptops, we will definitely see an increase in attacks on Tails, Sparrow, etc.
You can just download those software packages once and rarely upgrade and you’re safe. Unlike a compromised HWW which can lie to you about the status of its firmware.
If you are a power user this could work, although you still have to check the software before installing it.
But for the average user, the one who thinks that putting the seed in a USB stick is an airgap solution (!) as he only connect it to the PC for "few minutes"... Sorry it doesn't work, at the first phishing email he will connect to wifi and update applications, or install a new one. Hardware wallet, although they are not perfect, are quite good to minimize this kind of error.
At the end the solution is in the mantra: don't trust, verify.
